ken545

Trusted Malware Techs
  • Content Count

    292

About ken545

  • Rank
    Member
  • Birthday 02/20/1939

Profile Information

  • Gender
    Male
  • Location
    Florida's Spacecoast
  • Interests
    Fighting Malware and cooking some great Italian and TexMex food

Previous Fields

  • System Specifications:
    Windows 7 Ultimate Windows 8.1
  • Teams:
    Nothing Selected
  1. Awong, I posted back at Safer to have you run a couple more scans. I was hoping here at the PIT they would run you through a test to check the health of your hard drive and go from there. Let's see if the scans found anything, and if not then we can post back here.
  2. ken545

    Strangely Slow

    Glad things are running better for you and we could help, Regards, ken
  3. ken545

    Help Analyzing Hijack This Report

    Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
  4. ken545

    My Hi Jack This Logs.

    Sorry for the delay, missed the email notification that you replied. Yes, go ahead and clean out the Recycle Bin.

    Open OTL and click on Clean Up and it will remove most of the tools we used to clean your system along with their backups.

    How did I get infected in the first place? Read these links and find out how to prevent getting infected again.

    Tutorial for System Restore <-- Do this first to prevent yourself from being reinfected.

    • WhattheTech
    • Grinler
    • BleepingComputer
    • GeeksTo Go
    • Dslreports

    Here are some free programs to install, all free and highly regarded by the fine people in the Malware Removal Community:

    • Spybot Search and Destroy 1.6: Check for Updates/Immunize and run a Full System Scan on a regular basis. If you install Spyware Blaster (Recommended) then do not enable the TeaTimer in Spybot Search and Destroy.
    • WinPatrol: Keep this fine program activated to block a lot of threats.
    • Spyware Blaster: It will prevent most spyware from ever being installed. No scan to run, just update about once a week and enable all protection.
    • Spyware Guard: It offers realtime protection from spyware installation attempts. Again, no scan to run, just install it and let it do its thing.
    • IE-Spyad: IE-Spyad places over 6000 web sites and domains in the IE Restricted list, which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc.) from the sites listed, although you will still be able to connect to the sites.
    • Firefox 3: It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will in no way interfere with IE, you can use them both.

    Safe Surfn
    Ken
  5. ken545

    My Hi Jack This Logs.

    Hi,

    Let's delete these two files, but leave them in the Recycle Bin. Reboot and make sure there is no problem; if there is, then you can restore them. I am sure they're not good.

    C:\WINDOWS\Xhekoful.dat
    C:\WINDOWS\Mpemabowinewunoz.bin

    The two entries that ESET found were just backups of what Combofix removed, we will clean all that out in a bit also.

    Let me know how it went with those two files.
  6. ken545

    My Hi Jack This Logs.

    Just curious about these two files.

    Please download SystemLook from one of the links below and save it to your Desktop.

    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:

      :file
      C:\WINDOWS\Xhekoful.dat
      C:\WINDOWS\Mpemabowinewunoz.bin

    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

    Note: The log can also be found on your Desktop entitled SystemLook.txt

    Please run this free online virus scanner from ESET.

    Note: You will need to use Internet Explorer for this scan.

    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start.
    • When asked, allow the ActiveX control to install.
    • Click Start.
    • Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked.
    • Click Scan.
    • Wait for the scan to finish.
    • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic.
  7. ken545

    My Hi Jack This Logs.

    Orbit,

    I am still looking at those P2P (File Sharing Programs) on your system. I strongly urge you to uninstall them. You're downloading that file from an unknown source; malware writers are in tune to this and it has become one of the latest ways to infect your computer.

    Why don't you run this program, it's a quick scan, and let me take one more final look.

    OTL by OldTimer

    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.
  8. ken545

    My Hi Jack This Logs.

    Well, logs look ok, how are things running now?
  9. ken545

    My Hi Jack This Logs.

    Hi Orbit,

    Your CF log looks fine. Reboot and see if AVG keeps flagging that file. I don't see it anywhere on your log, it may be gone or in quarantine.

    Download and Run SystemLook

    Please download SystemLook from one of the links below and save it to your Desktop.

    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:

      :filefind
      ahicenay.dll

    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

    Note: The log can also be found on your Desktop entitled SystemLook.txt
  10. ken545

    My Hi Jack This Logs.

    Go ahead and run Combofix with this new script:

      DDS::
      uWinlogon: Shell=c:\documents and settings\eric\application data\hotfix.exe
      TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

      File::
      c:\documents and settings\eric\application data\hotfix.exe
      c:\windows\ahicenay.dll

    There is one more I want to check but we can do that later.
  11. ken545

    My Hi Jack This Logs.

    Good Morning Orbit,

    These two:

    c:\windows\wfctfoc.dll <-- This file
    c:\windows\ahicenay.dll <-- This file
  12. ken545

    My Hi Jack This Logs.

    Hi,

    Still looking at some markers in your log for ThinkPoint.

    You need to enable Windows to show all files and folders, instructions Here.

    Go to VirusTotal and submit these files for analysis. Just use the BROWSE feature and then Send File, you will get a report back. Post the report into this thread for me to see. If the site says this file has already been checked, have them check it again.

    c:\windows\wfctfoc.dll
    c:\windows\ahicenay.dll

    If the site is busy you can try this one: http://virusscan.jotti.org/en

    Drag Combofix to the trash and download a fresh copy.

    Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    Open Notepad: go to Start > All Programs > Accessories > Notepad (this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad. Make sure there is no space before and above DDS::

      DDS::
      uWinlogon: Shell=c:\documents and settings\eric\application data\hotfix.exe
      TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

      File::
      c:\documents and settings\eric\application data\hotfix.exe

    Save this as CFScript to your desktop. Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

    This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

    There are still a few more things to check, just don't want to overwhelm you.
  13. ken545

    My Hi Jack This Logs.

    Hello breakingorbit, JonTom is away and I will be helping you. Please post the new DDS log, your wife's account will be fine.
  14. ken545

    Malware turned screen white

    Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
  15. ken545

    Hijack This Scan Log - Please Help

    Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.